[apparmor] [patch] ntpd needs read access to openssl.cnf
Seth Arnold
seth.arnold at canonical.com
Mon Sep 16 22:10:13 UTC 2013
On Mon, Sep 16, 2013 at 10:39:13PM +0200, Christian Boltz wrote:
> Hello,
>
> I just received the following patch and propose it for 2.8 and trunk:
>
>
>
> Patch-Author: Stefan Seyfried <seife+obs at b1-systems.com>
>
> After this change in ntp:
>
> * Mo Aug 19 2013 crrodriguez at opensuse.org
> - Build with -DOPENSSL_LOAD_CONF , ntp must respect and use
> the system's openssl configuration.
>
> we need to read openssl.cnf or starting of ntpd will fail silently(!)
>
>
>
> Patch v2 by Christian Boltz: use abstractions/openssl instead of
> allowing /etc/ssl/openssl.cnf directly
Acked-by: Seth Arnold <seth.arnold at canonical.com>
>
> === modified file 'profiles/apparmor.d/usr.sbin.ntpd'
> --- profiles/apparmor.d/usr.sbin.ntpd 2011-08-08 20:16:06 +0000
> +++ profiles/apparmor.d/usr.sbin.ntpd 2013-09-16 20:28:39 +0000
> @@ -14,6 +14,7 @@
> /usr/sbin/ntpd {
> #include <abstractions/base>
> #include <abstractions/nameservice>
> + #include <abstractions/openssl>
> #include <abstractions/xad>
>
> capability dac_override,
>
Thanks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20130916/a1c669e9/attachment.pgp>
More information about the AppArmor
mailing list